Vulnerabilities > CVE-2005-3812 - Denial Of Service vulnerability in Freeftpd 1.0.10

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
freeftpd
nessus
exploit available

Summary

freeFTPd 1.0.10 allows remote authenticated users to cause a denial of service (null dereference and crash) via a PORT command with missing arguments.

Vulnerable Configurations

Part Description Count
Application
Freeftpd
1

Exploit-Db

descriptionFreeFTPD <= 1.0.10 (PORT Command) Denial of Service Exploit. CVE-2005-3812. Dos exploit for windows platform
idEDB-ID:1339
last seen2016-01-31
modified2005-11-24
published2005-11-24
reporterStefan Lochbihler
sourcehttps://www.exploit-db.com/download/1339/
titleFreeFTPD <= 1.0.10 PORT Command Denial of Service Exploit

Nessus

NASL familyFTP
NASL idFREEFTPD_PORT_DOS.NASL
descriptionThe remote host appears to be using freeFTPd, a free FTP / FTPS / SFTP server for Windows. The version of freeFTPd installed on the remote host crashes if it receives a PORT command with a port number from an authenticated user. In addition, the application reportedly will freeze for a period of time if it receives a PASV command with user-supplied data.
last seen2020-06-01
modified2020-06-02
plugin id20247
published2005-11-29
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/20247
titlefreeFTPd Multiple Command Malformed Argument Remote DoS